Job Seekers Asked For Facebook Passwords: Debate Roars

As part of the vetting process, some companies are asking job candidates to provide their Facebook credentials. Would you? Should you?

Facebook Apps In Action

(click image for larger view and for slideshow)

It's the job of your dreams. Your resume was one of those selected from among hundreds submitted. You've made it through a phone screener and then several in-person interviews with key company players. You can feel it--the job is yours. Now, all you have to do is provide your Facebook password.

Would you? Should you?

An Associated Press story picked up by the Boston Globe, among many other media outlets, tells the tale of a New York statistician who was surprised when asked by a job interviewer for his Facebook user name and password. The candidate withdrew his application, saying he didn't want to work for a company that would ask for such information. But this was apparently not an isolated incident. It's common practice for companies to check out job candidates' social media presence as part of the vetting process (hence, all those recommendations about not posting compromising photos, inflammatory comments, and the like), but as more and more people utilize Facebook's privacy controls to lock down their profiles, companies are apparently asking job candidates to give up the keys to their Facebook kingdoms.

Is that as invasive as it sounds? Yes, according to social media and HR experts contacted by The BrainYard, not to mention a group of Facebook users who responded with a resounding and collective "No way!" when asked on the social network itself if they would give up their password to get a job.

"I have heard about recruiters and hiring managers performing searches on social media channels when vetting out candidates, but directly asking for a password is akin to asking for the password to an employee's email account or other password-protected material," said Jake Wengroff, global director, social media strategy and research, Frost & Sullivan. "It is a clear invasion of privacy."

The fact that companies feel they can even ask is a sign that we're still in an employer's market, said Bruce Hurwitz, president and CEO of Hurwitz Strategic Staffing. "They think that in this market, they can do whatever they want," he said. "They don't need the candidates; the candidates need them. They think they can get away with it."

Ari Lightman, distinguished service professor, digital media and marketing, and director of the CIO Institute at Carnegie Mellon University, said the practice may be surprising but is in many ways understandable given the fact that we're dealing with newer technology where legal precedent has yet to be established.

"Employers and some colleges have been asking for Facebook passwords as a mechanism to better profile potential applicants," Lightman told The BrainYard. "From the employer perspective, they are trying to rule out any illicit behavior that would lead to diminished performance at work or dismissal. I don't think it is too prevalent, but the few cases are becoming very public, especially as watchdog groups like the ACLU become involved."

Lightman said he believes that it will eventually be deemed unlawful to require an applicant to provide a Facebook password as part of the recruitment process. But, in the meantime, what are applicants put in this awkward position supposed to do? Given the still-tight economy, would you hand over your password if asked during an interview?

"I would probably friend the interviewer, but hand over a password? I think not," said one Facebook user in response to this question.

"I would not. There's nothing on my wall or news feed I'd be embarrassed by, but who wants to work for a company that goes to such measures?" said another.

"No way, no how."

"No ... as I would not give my password to ANYONE."

"I would say have a nice day and leave."

"[It's] an invasion of privacy in my book. I don't think [the interviewer] would give me theirs if I asked.

"Not unless they have a court order! I don't want to work for ANYONE that much."

"NO WAY! If they want to know what I post, friend me, but anything else is a huge invasion! Plus, how do I know they won't post something that is totally inappropriate?

"No! I would tell them what they can do with their job, even if I were desperate for work."

Frost & Sullivan's Wengroff suggests a middle ground, as well as some general advice: "I would agree to walk a recruiter through my Facebook page that I signed in to, but I would not hand over the password," he said. "However, as a best-practice, job seekers--or anyone with a public-facing persona--should always think twice about posting, sharing and commenting on potentially objectionable content on Facebook. It shouldn't have to come down to a job interview to think twice about what you post on Facebook.

Would you give up your credentials under any circumstances? What do you see happening with regard to this issue moving forward? Please comment below or write me at debra.donstonmiller@gmail.com.

The Enterprise 2.0 Conference brings together industry thought leaders to explore the latest innovations in enterprise social software, analytics, and big data tools and technologies. Learn how your business can harness these tools to improve internal business processes and create operational efficiencies. It happens in Boston, June 18-21. Register today!

Any person is granted the freedom of speech. This should be consider a crime, companies that utilizes such unethical practices should be black-listed in open forums to avoid job seekers from even applying for the job.

This is a no brainer. I don't have a facebook account. Even if I had one I would refuse to do so and would ask to see the document where I offered it. This is dangerous 1st amendment area and you could sue, I believe.Once the company was known for this the people applying for jobs would dry up.

The ITRC reported over 22M reported data breeches last year http://www.idtheftcenter.org/a... and just last week 171,000 usernames and passwords from a military dating site were breached. Facebook breach number were elusive but I found a handful of "programs" online designed to compromise Facebook passwords. Often, on employment applications you agree to a credit/background/criminal checks and eventually give your new employer your SSN.

I offer two points: 1) If you don't want prying eyes to see something...don't post it anywhere and 2) If someone really wants your information in the cloud, they will likely get it, even with 128bit SSL encryption.

As a Lawyer told me once, "Never put anything in print unless you are willing to see it published on the front page of the NY Times or be embarrassed to have your Mom to read it"

That should also hold true for Social Media. In 2009 Proofpoint reported that in a survey 8% of fired employees were from a result of inappropriate postings http://blog.proofpoint.com/201...

Although, its inappropriate to ask for your personal username/password and I don't leave my keys in the ignition of my car either, I don't see what the uproar is about. I believe today's security focus has moved from the inevitable where,when and how (deterrence) to mitigating risk during the breech.(damage control)

The question seems self-answering, if one follows it through to a logical conclusion: 'Think about the person who would be willing to provide that password, when that person is approached or interviewed by a competitor at some future time, would they hesitate to provide the organizations sysadmin passwords? customer lists? financials?

Clear answer is "No!". Do they want my email and voicemail password as well? How about a copy of my front door key to go with that? Want me to strip naked right here so that you can do a cavity search?If a company would ask me for that I'd get up and walk out of the interview. It is not a place I'd want to work at.

I view this as funny/hypocritical/possible needed "invasion of individual privacy"...If you owned a business, would you not want to avoid being slandered/humiliated/damaged by an employee. A fully vetting process is one method that employers that have a substantial amount to lose is one way to "attempt" at mitigating the possibility.

Nobody is perfect, but with the increase in media channels/outlets, one needs to be very careful where they share particular information. If I have something heinous to say/communicate I do my best to bite my cheek and think about how it may affect others.

I think Giakson's comments/references below would qualify why a proper/thorough vetting of candidates may be in order. Would you want your bank or the government to hire a very skilled programmer that regularly brags about their prowess in online forums such as Facebook regarding their ability to defraud/exploit systems?

And in my first comment I mention funny. Funny as this channel/thread of news is blowing up and going viral when this type of vetting if completed by just individuals might be completed soundly.

Part of my job is InfoSec. If asked this question, I would ask if this is the security standard that my potential work would be held to, that these are the lax policies I would be enforcing and being held responsible for. Pretty much regardless of their response, I would mock them before walking out. If I really wanted to be mean, I'd offer to leave a urine sample for them to drug test from.. on the interviewer's desk. Drug tests: that's a similar invasion of privacy as far as I'm concerned; I've heard no comparison to that, but it's so similar.

Snarky comments aside, I've understood from other articles on this subject that the jobs being interviewed for were municipal jobs: police force or 911 call centers, iirc. I wouldn't be applying to those jobs (let alone urinating on a desk in a police station). Those who do may very well expect this sort of invasive inquiry to be sure that they will be suitable and reliable for their position. Those applying to the jobs in question may well be drug tested as well, and they probably think nothing of that.

What I find completely absent in this 'roaring debate' is the opinion of those directly affected by the story. Opinions of those unaffected (as yet) are just as hypothetical as my snarky comment. I'm not there, and I can't be certain of my response until I'm in that position and could possibly need that job so desperately. Desperate people will do anything.

I just heard this on our local news station where they reported the practice as legal. I don't know which legal opinion substantiates that classification and would be interested in knowing which but, I would think it more accurate to classify it as "unregulated" which implies there is no legal precedence - yet. That said, there is not even reasoning within your company to hand over credentials to your personally identifiable company account and leave yourself open to personality theft by some fradulent trader to hide their actions (French case costing the company 5 billion), IT staff to abuse their position (San Francisco, Rome,...), or other likely misuse (Enrons of the world). So a discussion of giving up a private, personal account to prospective or even current employer evades any logic.

I have faith in the legal system that would and will eventually classify this as an invasion of legitimate expectation of the right to free speech and privacy. If I post it publically accessible, then the prospective employer can see it without access, if I post it in the semi private setting of social media (only friends) then I should have the same expectation of a one-to-many conversation at a ballgame with a friends (in as much as that can be private). It is my responsibility however to know and set that security in the social apps. Wengroff's recommendation I believe violates that right to privacy by eavesdropping (in the illegal sense akin to wiretapping or recording telephone calls without disclosure).

First you answer the question with a question. "I would like the account number and password information to your bank account that will allow me to make withdrawals and transfers. Sounds like a fair trade of information to me - Don't you think??"

Then, there has been, for many years, a practice in many european countries where people would have multiple cell phone accounts so their most personal of personal calls could never be traced. Same with Facebook - open up a new account before you start advertising that is simply an business profile and a copy of your resueme and a few pictures of your past work experiences.

If challenged by the prospective employer that it is not your real account, yhou simply say, my life IS my work..I am sure that is true for you as well and you will, right here and now, give me your facebook account and passwork to prove that your can pass the test as well.

Remember,. when interviewing NEVER BE TIMID - ACT LIKE YOU ARE ALREADY THEIR BOSS.

One of the things that bothers me is subverting the whole notion of Facebook privacy controls (such as they are). It's one thing if people are pumping out public posts that would be embarrassing to the hiring organization. Think of the school board hiring a principal who commonly posts sexist jokes - I can see their interest in wanting to find out about that ahead of time.

On the other hand, if I want to post political comments just to contacts that share my political views and go to the trouble of tagging my contacts in FB, I may be doing that specifically to avoid publishing them to audiences such as potential employers who might not like my politics or wouldn't want to be associated with them.

People have a right to have a life outside of work, including a social media life. It's not easy in the digital world to keep your work and personal lives entirely separate, but I really hate to see the few tools that do exist for trying to be discrete undermined.

Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.